Platform Engineering Team/API Value Stream/API Demo Sept 02, 2021
API DEMO 2021-09-02
Overview of API Process
A high-level view of how and what the API team will produce
Different OAuth Flows that exist in the API Portal
How does an Auth strategy impact our authentication flows that were demoed?
We do have a sense that, the way we are hosting our API web services, they have gone and leveraged some data from api1 to api2.
[NN] Different methods of authentication result in challenges because not all clients can use OAuth
[BP] From a production standpoint we have a split mind on authentication.
MediaWiki has the capabilities to authenticate through OAuth
[CC] Not sure if it is an implementation issue or an issue more generally with OAuth
[BP] +1 problem isn't OAuth itself
Having the right code and right endpoints in order to complete an interaction
[NN] existing tickets log these issues
[BP] if we see you are a valid person
Authentication vs authorization
MediaWiki core is the authorization server that determines what capabilities we already have
[SK] from the perspective of is it more upstream or downstream, there are definite end-user issues because of the inconsistencies of the user authentication methods
Dependency on what security decides auth should be
Right now we are straddling across Cloud Services and Kubernetes
How are we doing it right now?
Initially chose OAuth without ensuring everyone was
What is WMCS doing now?
Use bot passwords: Manual:Bot passwords - MediaWiki
How does Auth impact Rate limiting and other capabilities
You have the keys and so you have a certain amount of assurances to create a hash that contains the rate limiting information
API key = client identity that gets generated by OAuth right now
[CC] There would be a lot of wins for us to create our own authentication component that is not tied to core MediaWiki
Maintain a suite of extensions for auth called Pluggable Auth that let you connect to MediaWiki from multiple different authenticators
Key vs token
Key identifies the application
Using client secret to validate
Tokens - are access tokens that have longer lives
Can we look at solving for authentication at the user persona?